* Primary Location: United States, Texas, Irving
* Other Location: United States, Florida, Tampa; United States, Florida, Fort Lauderdale
* Education: Bachelor's Degree
* Job Function: Technology
* Schedule: Full-time
* Shift: Day Job
* Employee Status: Regular
* Travel Time: Yes, 10% of the Time
* Job ID: 19028210
The Cloud Application Security Program Specialist will be part of Citi's CISO-aligned Global Information Security (GIS) Organization. This role is an individual contributor who will be responsible for leading the global Cloud Application security program, which includes governance, application security methodologies, technical evaluation, and security reviews for the application development community.
This position requires close collaboration and partnership with Engineering, Information Security, Program Management, and Development organizations. The candidate will drive application security strategy to assess and evaluate cloud platforms and cloud services for secure deployment of business applications.
The goal of the Cloud Application security program is to drive the adoption of cloud security practices, secure solutions and methodologies, improving the security posture of applications and streamlining cloud adoption while complying with standards and regulations. The responsibilities include:
* Act as a security advisor to developers, architects, business analysts, security engineers and other stakeholders to ensure we design confidentiality, integrity, resiliency, and privacy into the cloud platform.
* Create security specifications, develop processes and evaluate tools for the secure adoption of cloud services.
* Oversee cloud-related projects to ensure appropriate use of security tools and security methodologies.
* Drive adoption of embedded cloud security controls as part of the Software Development Life Cycle (SDLC) in agile methodology, including automated tools.
* Assist in the implementation of security-related product features like authentication, cryptography, etc.
* Evaluate third-party Cloud services, systems, tools and solutions.
* Collaborate with sector development organizations as well as security engineering and testing teams in a leadership and advisory role.
* Work with standardization and regulatory bodies and alliances such as NIST, Cloud Security Alliance, COSO, SOC 2, FIDO, etc.
* Work with business analysts as well as end users to understand the business and functional requirements.
* Ability to explain technical jargon to non-technical business partners.
* Solid understanding of basic application security vulnerabilities (OWASP top 10) and countermeasures to reduce related risks.
Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management. Our core activities are safeguarding assets, lending money, making payments and accessing the capital markets on behalf of our clients.
Citi's Mission and Value Proposition explains what we do and Citi Leadership Standards explain how we do it. Our mission is to serve as a trusted partner to our clients by responsibly providing financial services that enable growth and economic progress. We strive to earn and maintain our clients' and the public's trust by constantly adhering to the highest ethical standards and making a positive impact on the communities we serve. Our Leadership Standards are a common set of skills and expected behaviors that illustrate how our employees should work every day to be successful and that strengthen our ability to execute against our strategic priorities.
Diversity is a key business imperative and a source of strength at Citi. We serve clients from every walk of life, every background and every origin. Our goal is to have our workforce reflect this same diversity at all levels. Citi has made it a priority to foster a culture where the best people want to work, where individuals are promoted based on merit, where we value and demand respect for others and where opportunities to develop are widely available to all.
* 5+ years of experience working in an Information Security domain
* 3+ years of experience in Cloud and Application security and related fields
* Good understanding of networking protocols and infrastructure designs, including routing, firewall functionality, host and network intrusion detection/prevention systems, encryption, load balancing, and other network protocols
* Hands-on experience developing high-performance solutions following agile or iterative methodologies
* Strong background in Cloud Security and Application Security
* Security testing methodologies, tools and techniques - understanding of common cloud and application security vulnerabilities and controls to remediate these weaknesses
* Bachelor's or Master's Degree (Information Security/Computer Science/Electronics and Engineering/Information Technology), or equivalent work experience
* Professional Security Certifications: CISSP, CCSP, CISA, CISM, ITIL
* Cloud Computing certifications such as CCSK, AWS, Azure, and GCP a plus
* Strong knowledge of industry standards as they relate to Cloud and Application security management to include ISO, NIST, and Cloud Security Alliance (CSA)
* Exposure to agile development, DevOps, SecOps and scrum teams
* Hands-on experience with cloud security designs on AWS, GCP or Azure
* Strong desire to learn and contribute solutions and ideas to broader team
* Self-motivated with the ability to work independently and as a team member with minimal direction
* Ability to provide effective leadership and subject matter expertise in Information Security topics to senior management, technology and business partners
* Employ influencing skills to obtain buy-in and participation from various groups and stakeholders without direct control
* Build and maintain collaborative relationships with partners, clients and peers
* Ability to communicate effectively at different levels of the organization, and with various technical and business audiences
* Excellent problem-solving abilities and analytical skills. Ability to see the big picture with high attention to critical details
* Dedicated and self-driven desire to research the current information security landscape
* Excellent organizational, interpersonal, and project management skills
* Excellent communication skills, both written and oral
* Record of accomplishment in managing work to achieve milestones on global projects on time and within budget in a fast-paced environment
Citigroup is a company providing financial products and services.